Detection and prevention of DNS spoofing attacks

@article{Maksutov2017DetectionAP,
  title={Detection and prevention of DNS spoofing attacks},
  author={Artem A. Maksutov and I. A. Cherepanov and Maksim S. Alekseev},
  journal={2017 Siberian Symposium on Data Science and Engineering (SSDSE)},
  year={2017},
  pages={84-87}
}
One of the modern MitM attacks on HTTPS uses the SSLstrip and SSLstrip+ utilities, the latter of which relies on a DNS-spoofing attack. Currently, there are several ways to protect against the replacement of DNS responses, but there is no available and simple tool for detecting a DNS-spoofing attack. The utility designed for this purpose is called DNSwitch and is described in this article.

Measuring IPv6 DNS Reconnaissance Attacks and Preventing Them Using DNS Guard

TLDR
This paper evaluates new IPv6 reconnaissance techniques in real IPv6 networks, shows how to leverage the Domain Name System for IPv6 network reconnaissance, and proposes a DNS Guard (DNSG) to efficiently detect DNS reconnaissance attacks in IPv6 networks.

Detecting Malicious DNS over HTTPS Traffic Using Machine Learning

  • S. Singh, P. Roy
  • Computer Science
    2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT)
  • 2020
TLDR
This paper uses various machine learning classifiers such as Naive Bayes, Logistic Regression, Random Forest, and Gradient Boosting to detect malicious activity at the DNS level in the DoH environment and confirms that the RF and GB classifiers are better choices for this problem.

SFDS: A Self-Feedback Detection System for DNS Hijacking Based on Multi-Protocol Cross Validation

TLDR
It is shown that, under real conditions over two weeks, SFDS can find almost 1300 correct (Domain, IP) tuples for one domain on average in one day, and that SFDS is effective, with accuracy of approximately 100% in the authors' experiments.

DNS attack mitigation Using OpenStack Isolation

TLDR
This research aims to propose a model for the development of a private cloud infrastructure to host DNS, which will be created using the OpenStack software platform where each server will be hosted separately in a different virtual machine.

Technique for IoT Cyberattacks Detection Based on DNS Traffic Analysis

TLDR
A new technique for cyberattack detection based on DNS traffic analysis is presented, which enables the proactive detection of malicious requests in corporate area networks based on the Domain Name System (DNS) protocol, and is aimed to identify and block the malicious domains and DND data deletion requested by the attackers.

DCG: A Client-side Protection Method for DNS Cache

TLDR
This paper proposes a client-side protection method for domain name system cache that monitors the local cache of domain name system in real time and asynchronously verifies the authenticity of each name resolution result through a trusted third party.

Measuring the Effectiveness of Digital Hygiene using Historical DNS Data

TLDR
The experimental design of the project is outlined, the early data coming out of the DNS firewall is looked at, to support the ultimate question of whether DNS data such as this can be used to accurately assess the efficacy of digital hygiene efforts.

Co_Hijacking Monitor: Collaborative Detecting and Locating Mechanism for HTTP Spectral Hijacking

  • Pan Wang, Xuejiao Chen
  • Computer Science
    2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech)
  • 2017
TLDR
Experimental results show that Co_Hijacking Monitor can solve the hijacking problem effectively; the paper analyzes the principle of HTTP spectral hijacking and presents a collaborative detecting and locating mechanism called Co_Hijacking Monitor.

Information security considerations for cloud-based Enterprise Resource Planning system and best practices for its retirement phase

TLDR
This paper uses a literature review to identify various attacks an ERP system is prone to, identifies what security controls are to be in place considering NIST 800-53 R5 and ISO/IEC 27001:2013 to create a more secure environment, and maps the identified security controls to facilitate PIPEDA compliance of Canada.

Secure Socket Layer Stripping Attack Using Address Resolution Protocol Spoofing

TLDR
This paper describes the step-by-step procedure for an SSL strip attack against any secured HTTPS website, using ARP spoofing to strip HTTPS to HTTP.
